The vast majority of government networks run on Microsoft products, from Office 365 to the Azure cloud platform. It should come as no surprise, then, that more and more agencies are looking for tools to monitor their Microsoft systems more effectively, all through a single pane of glass.
The good news is that there are ways to get the most out of existing Microsoft technology with complementary monitoring strategies that meet the needs of federal IT operations and security teams, sysadmins, DevOps engineers, and managers.
Microsoft Active Directory is a critical tool that helps system administrators manage user privileges and secure their IT infrastructure, yet Active Directory presents several security challenges. The most problematic is that its attack surface is huge. Targets include every domain user account, every admin and security group, every domain controller, every backup, every admin workstation, and every admin delegation and privilege. Because these pieces trust one another, compromising any one of them can lead to compromise of the entire directory: a stolen admin workstation yields admin credentials, admin credentials yield a domain controller, and a domain controller yields every account in the domain.
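Monitoring starts with knowing what those targets are. The PowerShell below is an added example, not code from the original page, that inventories the Active Directory targets listed above (privileged principals, domain controllers, delegation rights, and the AdminSDHolder ACL that every protected object inherits). It assumes a domain-joined host with the RSAT ActiveDirectory module and read access to the directory; the list of privileged groups is an assumption a site may extend, and backups and admin workstations still need a site-specific inventory because the directory does not record them.

```powershell
# Added example: inventory Active Directory attack-surface targets for monitoring.
# Assumes the RSAT ActiveDirectory module (provides the AD: drive) and read access.
Import-Module ActiveDirectory

$domain = Get-ADDomain

# Assumption: the groups a site treats as privileged. Extend as needed.
$privilegedGroups = @(
    'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
    'Account Operators', 'Backup Operators', 'Server Operators', 'Print Operators'
)

# 1. Privileged principals: every recursive member of each privileged group.
#    Nested groups are expanded so indirect members are not missed.
function Get-PrivilegedMembers {
    foreach ($g in $privilegedGroups) {
        try {
            Get-ADGroupMember -Identity $g -Recursive -ErrorAction Stop |
                Select-Object @{ n = 'Group'; e = { $g } }, Name, objectClass, distinguishedName
        } catch {
            Write-Warning "Could not read group '$g': $($_.Exception.Message)"
        }
    }
}

# 2. Accounts ever marked as protected (adminCount=1). Entries that are no
#    longer in a privileged group are former admins whose ACLs were never reset
#    and still deserve admin-level monitoring.
function Get-AdminCountUsers {
    Get-ADUser -LDAPFilter '(adminCount=1)' -Properties adminCount, Enabled, LastLogonDate |
        Select-Object SamAccountName, Enabled, LastLogonDate, distinguishedName
}

# 3. Domain controllers: the hosts whose compromise is total.
function Get-DomainControllerInventory {
    Get-ADDomainController -Filter * |
        Select-Object HostName, IPv4Address, OperatingSystem, IsGlobalCatalog, IsReadOnly
}

# 4. Delegation: any principal trusted for unconstrained delegation
#    (userAccountControl bit 0x80000) can impersonate users who authenticate to
#    it, so it is admin-equivalent. Domain controllers (primaryGroupID 516) are
#    expected to have this flag and are excluded from the finding.
function Get-UnconstrainedDelegation {
    $filter = '(&(userAccountControl:1.2.840.113556.1.4.803:=524288)(!(primaryGroupID=516)))'
    Get-ADObject -LDAPFilter $filter -Properties objectClass, primaryGroupID |
        Select-Object Name, objectClass, distinguishedName
}

# 5. AdminSDHolder: its ACL is stamped onto every protected object on a schedule,
#    so an extra write-capable ACE here is a domain-wide persistence mechanism.
#    Every Allow ACE granting write rights is listed for review.
function Get-AdminSDHolderWriteAces {
    $dn  = "CN=AdminSDHolder,CN=System,$($domain.DistinguishedName)"
    $acl = Get-Acl -Path "AD:\$dn"
    $writeRights = 'GenericAll|GenericWrite|WriteDacl|WriteOwner|WriteProperty|ExtendedRight'
    $acl.Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.ActiveDirectoryRights.ToString() -match $writeRights
        } |
        Select-Object IdentityReference, ActiveDirectoryRights, IsInherited
}

# Produce the inventory. Feed each section to your monitoring platform and
# alert on any change between runs.
$inventory = [pscustomobject]@{
    Domain                  = $domain.DNSRoot
    PrivilegedMembers       = @(Get-PrivilegedMembers)
    AdminCountUsers         = @(Get-AdminCountUsers)
    DomainControllers       = @(Get-DomainControllerInventory)
    UnconstrainedDelegation = @(Get-UnconstrainedDelegation)
    AdminSDHolderWriteAces  = @(Get-AdminSDHolderWriteAces)
}

"== Privileged members ==";        $inventory.PrivilegedMembers       | Format-Table -AutoSize
"== adminCount=1 accounts ==";     $inventory.AdminCountUsers         | Format-Table -AutoSize
"== Domain controllers ==";        $inventory.DomainControllers       | Format-Table -AutoSize
"== Unconstrained delegation ==";  $inventory.UnconstrainedDelegation | Format-Table -AutoSize
"== AdminSDHolder write ACEs ==";  $inventory.AdminSDHolderWriteAces  | Format-Table -AutoSize
```

Run it on a schedule and diff the output: a new member of a privileged group, a new account trusted for unconstrained delegation, or a new write ACE on AdminSDHolder is exactly the kind of change that should raise an alert rather than wait for a quarterly review.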
On May 12, 2017, the WannaCry ransomware worm was released on the Internet and rapidly spread to hundreds of thousands of Microsoft Windows computers in more than 150 countries. It propagated on its own by exploiting a flaw in the SMBv1 file-sharing protocol that Microsoft had patched two months earlier in security bulletin MS17-010, which is why unpatched and end-of-life systems were hit hardest. The malware encrypts critical files on an infected computer, such as Excel and Word documents, and seeks out backup copies to encrypt as well. Once it infects a system it demands a ransom of approximately $300 in Bitcoin and immediately scans for other systems to infect, so a single unpatched host can expose an entire network.